CN114760090A - Communication security authentication method and device for power 5G network slice - Google Patents


Info

Publication number
CN114760090A
CN114760090A CN202210178412.9A CN202210178412A CN114760090A CN 114760090 A CN114760090 A CN 114760090A CN 202210178412 A CN202210178412 A CN 202210178412A CN 114760090 A CN114760090 A CN 114760090A
Authority
CN
China
Prior art keywords
slice
random
ciphertext
parameter
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210178412.9A
Other languages
Chinese (zh)
Other versions
CN114760090B (en
Inventor
吴鹏
姚继明
郭云飞
王玮
陈端云
林彧茜
虞跃
朱亮
方友旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Southeast University
Global Energy Interconnection Research Institute
State Grid Fujian Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Southeast University
Global Energy Interconnection Research Institute
State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Southeast University, Global Energy Interconnection Research Institute, State Grid Fujian Electric Power Co Ltd
Priority to CN202210178412.9A
Publication of CN114760090A
Application granted
Publication of CN114760090B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a communication security authentication method and device for a power 5G network slice. In the method, during protocol authentication, a user terminal Ui and a core network element management module AMF use a commutative (exchangeable) encryption algorithm to match out the first ciphertext feature element that is the same as a first encryption key, and decrypt that first ciphertext feature element to obtain the corresponding second ciphertext feature element. Finally, the core network element management module AMF decrypts again, based on the decrypted second ciphertext feature element, to obtain the slice supply scheme that satisfies the slice request feature vector set. The deployment scheme of the embodiment is simple and needs no PKI system; it reduces data computation and data transmission overhead, reduces transmission delay, and improves computation and communication efficiency.

Description

Communication security authentication method and device for power 5G network slice
Technical Field
The invention relates to the technical field of 5G network slice communication, in particular to a communication security authentication method and device for a power 5G network slice.
Background
With the rapid development of 5G, the new generation of mobile communication technology, the interconnection of everything becomes possible. Compared with 4G, the new 5G network architecture provides bandwidth of 10 Gbps or more, millisecond-level delay and ultra-high-density connection, a great increase in network performance. However, as 5G network slices are applied more and more widely, their security has become an important issue; the flexible network slice mechanism of 5G also brings new security threats, and conventional network security protection technology struggles to meet the requirements of 5G. The security mechanism of 5G network slices in Internet of Things communication therefore needs to be further strengthened, to prevent information leakage between network slices, unauthorized access to network slices, and illegal operations on network slices by illegitimate users.
In the related art, during network slice authentication and selection, the user equipment Ui and the core network element AUSF exchange information, identity authentication is performed through the AUSF, and the two negotiate a shared key that is used to ensure the data security of the network slice. Alternatively, a PKI authentication system is used: the user deploys PKI and applies for a public key certificate. Both approaches need a complex encryption algorithm to complete the encryption of the shared public key, so the communication authentication process is complex, data computation and data transmission costs are high, and interaction with several security network elements is required, which affects transmission delay.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to overcome the problems in the prior art that the communication authentication process is complex, the data calculation and data transmission overhead is high, and the transmission delay is affected by interaction with multiple security network elements, so as to provide a communication security authentication method and device for a power 5G network slice.
According to a first aspect, an embodiment of the present invention provides a communication security authentication method for a power 5G network slice, which is used for a user terminal, and includes the following steps:
determining a slicing request feature vector set according to the service requirement and the network characteristics;
randomly generating a random prime number, a first random decryption parameter and a first random encryption parameter so as to calculate a first encryption key to encrypt the slicing request feature vector set;
generating a slice authentication request message based on a first encrypted file obtained by encrypting the random prime number and the first encryption key, and forwarding the slice authentication request message to a core network element management module through a base station;
receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message is loaded with a second encrypted file encrypted by a second encryption key calculated based on the random prime number, a second random decryption parameter and a second random encryption parameter, and a second slice authentication ciphertext set of each slice supply scheme in a slice supply feature vector set, and the second slice authentication ciphertext set comprises a plurality of second ciphertext feature elements;
according to the first random encryption parameter and the second ciphertext characteristic elements, calculating a first slice authentication ciphertext set used for encrypting each second ciphertext characteristic element in the second slice authentication ciphertext set, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext characteristic elements;
determining the same matching result between the first ciphertext feature element and the second encryption key by matching, wherein the same matching result is the encrypted ciphertext meeting the slice supply scheme of the slice request feature vector set;
and based on the first random decryption parameter, decrypting the same matching result to obtain the second ciphertext characteristic element corresponding to the same matching result, and forwarding the decrypted second ciphertext characteristic element to the core network element management module through the base station, so that the core network element management module decrypts a slice supply scheme meeting the slice request characteristic vector set based on a second random key parameter.
In one embodiment, a random prime number, a first random decryption parameter, and a first random encryption parameter are randomly generated to calculate a first encryption key to encrypt the slice request feature vector set, which is calculated by the following formula:
$PK_{Ui} = SK_{Ui}^{-1} \bmod (p-1)$;
Figure BDA0003521299730000031
wherein $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui}$ is a natural number in $Z_{p-2}$, $PK_{Ui}$ is the first random encryption parameter, $p$ is the random prime number, $E_{Ui}$ is the first encryption key, and $F_{Ui}$ is the slice request feature vector set.
In one embodiment, a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements, and is calculated by the following formula:
Figure BDA0003521299730000032
wherein $E_{AMF}'$ is the first slice authentication ciphertext set, $E_{AMFl}'$ is the $l$-th first ciphertext feature element, $PK_{Ui}$ is the first random encryption parameter, $F_{AMFl}$ is the $l$-th slice supply scheme in the slice supply feature vector set, $p$ is the random prime number, and $PK_{AMF}$ is the second random encryption parameter.
In one embodiment, based on the first random decryption parameter, decrypting the identical matching result to obtain the second ciphertext feature element corresponding thereto is calculated by the following formula:
Figure BDA0003521299730000041
wherein $E_{AMFl}$ is the $l$-th second ciphertext feature element, $E_{AMFl}'$ is the $l$-th first ciphertext feature element, $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui} \in Z_{p-2}$, $p$ is the random prime number, $F_{AMFl}$ is the $l$-th slice supply scheme in the slice supply feature vector set, and $PK_{AMF}$ is the second random encryption parameter, which corresponds to the second random decryption parameter.
According to a second aspect, an embodiment of the present invention further provides a communication security authentication method for a power 5G network slice, which is used for a core network element management module, and includes the following steps:
receiving a slice authentication request message forwarded by a user terminal through a base station, wherein the slice authentication request message is loaded with a first encrypted file formed by encrypting a random prime number and a first encryption key;
calculating a second encryption key for re-encrypting the first encrypted file according to the random prime number, a second random decryption parameter and a second random encryption parameter which are generated randomly;
determining a slice supply feature vector set for supplying the slice request feature vector set, the slice supply feature vector set including a plurality of slice supply schemes;
calculating a second cipher text set for encrypting each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number and each slice supply scheme in the slice supply feature vector set, wherein the second cipher text set comprises a plurality of second cipher text feature elements;
generating a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the user terminal decrypts the same matching result of the first ciphertext characteristic element and the second encryption key based on a first random decryption parameter to obtain the second ciphertext characteristic element corresponding to the same matching result;
and receiving the second ciphertext characteristic element decrypted by the user terminal through the base station, and decrypting the slice supply scheme meeting the slice request characteristic vector set based on the second random key parameter.
In one embodiment, a second encryption key for re-encrypting the first encrypted file is calculated according to the random prime number, a second random decryption parameter and a second random encryption parameter, and is calculated according to the following formula:
$PK_{AMF} = SK_{AMF}^{-1} \bmod (p-1)$;
Figure BDA0003521299730000051
wherein $PK_{AMF}$ is the second random encryption parameter, $SK_{AMF}$ is the second random decryption parameter, $SK_{AMF} \in Z_{p-2}$, $p$ is the random prime number, $E_{Ui}'$ is the second encryption key, $E_{Ui}$ is the first encryption key, $F_{Ui}$ is the slice request feature vector set, and $PK_{Ui}$ is the first random encryption parameter.
In one embodiment, a second slice authentication ciphertext set for encrypting each slice provision scheme in the slice provision feature vector set is calculated based on the second random encryption parameter, the random prime number, and each slice provision scheme in the slice provision feature vector set by the following formula:
Figure BDA0003521299730000052
wherein $E_{AMF}$ is the second slice authentication ciphertext set, $E_{AMFl}$ is the $l$-th second ciphertext feature element, $F_{AMFl}$ is the $l$-th slice supply scheme, $PK_{AMF}$ is the second random encryption parameter, and $p$ is the random prime number.
In one embodiment, decrypting the slice provisioning scheme that satisfies the slice request feature vector set based on the second random key parameter is calculated by:
Figure BDA0003521299730000061
wherein $F_{AMFl}$ is the $l$-th slice supply scheme, $E_{AMFl}$ is the $l$-th second ciphertext feature element, $SK_{AMF}$ is the second random key parameter, $SK_{AMF} \in Z_{p-2}$, and $p$ is the random prime number.
According to a third aspect, the present invention further provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the communication security authentication method for the power 5G network slice described in the first aspect or any implementation manner of the second aspect.
According to a fourth aspect, an embodiment of the present invention further provides a computer device, including a memory and a processor that are communicatively connected with each other, wherein the memory stores computer instructions and the processor executes the computer instructions to perform the communication security authentication method for the power 5G network slice described in the first aspect or any implementation manner of the second aspect.
The technical scheme of the invention has the following advantages:
The invention discloses a communication security authentication method and device for a power 5G network slice. In the method, during protocol authentication, a user terminal Ui and a core network element management module AMF use a commutative (exchangeable) encryption algorithm to match out the first ciphertext feature element that is the same as a first encryption key, and decrypt that first ciphertext feature element to obtain the corresponding second ciphertext feature element. Finally, the core network element management module AMF decrypts again, based on the decrypted second ciphertext feature element, to obtain the slice supply scheme that satisfies the slice request feature vector set. The deployment scheme of the embodiment is simple and needs no PKI system; it reduces data computation and data transmission overhead, reduces transmission delay, and improves computation and communication efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a specific example of a communication security authentication method for a power 5G network slice in an embodiment of the present invention;
Fig. 2 is a flowchart of another specific example of a communication security authentication method for a power 5G network slice in an embodiment of the present invention;
Fig. 3 is a schematic diagram of communication authentication interaction among a base station, a user terminal, and a core network element management module in an embodiment of the present invention;
Fig. 4 is a block diagram of a communication security authentication apparatus of a power 5G network slice according to an embodiment of the present invention;
Fig. 5 is another block diagram of a communication security authentication apparatus of a power 5G network slice according to an embodiment of the present invention;
Fig. 6 is a hardware schematic diagram of a computer device in an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The embodiment of the invention discloses a communication security authentication method for an electric power 5G network slice, which is used for a user terminal, wherein the user terminal can be an intelligent power grid user terminal or other types of user terminals. The embodiment of the invention can be applied to the application scene of the 5G network slice power internet of things communication authentication of the smart grid.
In the smart grid there are many low-power users for whom a complex communication authentication scheme is unsuitable. To address the poor performance of existing 5G network slice selection schemes, the embodiment of the invention designs a new security authentication scheme based on a commutative (exchangeable) encryption algorithm (Pohlig-Hellman). A secure and efficient slice selection scheme is designed for the slice selection matching process among the user terminal Ui, the base station gNB and the core network element management module AMF in a 5G smart grid, and is used to protect the privacy of slice selection information between the user terminal Ui and the AMF. In the scheme, the user terminal Ui initializes its own secret key, encrypts the slice feature data it has selected, and transmits the result to the AMF through the base station gNB. After receiving the message, the AMF randomly generates its own secret key, encrypts the received data and its slice set, and transmits both to the user terminal Ui through the base station gNB. The user terminal Ui encrypts the slice set a second time according to the received message, compares the encrypted slices, and returns the correct encrypted slice to the AMF through the base station gNB. After receiving the data, the AMF carries out a second decryption to obtain the slice selected by the user terminal Ui. In this way the slice privacy data between the user terminal Ui and the AMF is protected and is not exposed to a third-party attacker.
Example 1
The embodiment of the invention discloses a communication security authentication method of an electric power 5G network slice, which is used for a user terminal and comprises the following steps as shown in figure 1:
Step S11: determining a slice request feature vector set according to the service requirement and the network characteristics.
The slice in the embodiment of the present invention may be a 5G network slice. The service requirement is the service condition that the user terminal needs in order to run its service application. The network characteristics are the speed, bandwidth, delay, security level and so on of the slice. Physical network resources are divided into a number of fine-grained network slices according to these characteristics. The physical network resource is $PNR = \{slice_1, slice_2, \ldots, slice_n, DS\}$, where $DS$ denotes the default network slice. Each network slice $slice_i$ has its own group of feature values representing speed, bandwidth, delay, security level and so on; the vector $S_iF = (S_iF_1, S_iF_2, \ldots, S_iF_t)$ (containing $t$ features) represents the feature values of the network slice numbered $i$.
For example: the slice request feature vector set determined according to the service requirement and the network characteristics is $F_{Ui} = (x_1, \ldots, x_j, \ldots, x_t)$, where each element $x_j$ is a slice feature (e.g. delay), each element $x_j \in F_{UE}$, and the slice request feature vector set contains $t$ slice request feature elements.
In the embodiment of the invention, the core network element management module AMF expects to obtain the slice selection data requested by the user terminal Ui, that is, $F_{AMFl} = F_{Ui}$, where $F_{AMFl}$ is slice feature data available to the core network element management module AMF.
Step S12: randomly generating a random prime number, a first random decryption parameter and a first random encryption parameter so as to calculate a first encryption key that encrypts the slice request feature vector set.
The random prime number may be denoted $p$, and the first random decryption parameter may be denoted $SK_{Ui}$, with $SK_{Ui} \in Z_{p-2}$; the first random encryption parameter may be denoted $PK_{Ui}$. In the embodiment of the invention, the user terminal Ui first initializes and generates its own first random decryption parameter $SK_{Ui}$; the first random encryption parameter $PK_{Ui}$ corresponds to the first random decryption parameter $SK_{Ui}$, and the two exist as a pair.
In one embodiment, in step S12, the random prime number, the first random decryption parameter and the first random encryption parameter are randomly generated to calculate a first encryption key to encrypt the slice request feature vector set, which is calculated by the following equations (1) and (2).
$PK_{Ui} = SK_{Ui}^{-1} \bmod (p-1)$; (1)
Figure BDA0003521299730000101
Wherein $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui}$ is a natural number in $Z_{p-2}$, $PK_{Ui}$ is the first random encryption parameter, $p$ is the random prime number, $E_{Ui}$ is the first encryption key, and $F_{Ui}$ is the slice request feature vector set.
The slice request feature vector set expected by the user terminal Ui is encrypted through the formulas (1) to (2) to ensure the security of the slice feature data requested by the user terminal Ui and prevent the data from being exposed to third-party attackers.
Step S13: generating a slice authentication request message based on a first encrypted file obtained by encrypting the random prime number and the first encryption key, and forwarding the slice authentication request message to the core network element management module through the base station.
The first encrypted file, formed from the random prime number $p$ and $E_{Ui}$, is forwarded in a slice authentication request message to the core network element management module AMF through the base station gNB, so that the AMF can encrypt the first encrypted file a second time.
Step S14: receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message carries a second encrypted file encrypted by a second encryption key calculated based on the random prime number, a second random decryption parameter and a second random encryption parameter, and a second slice authentication ciphertext set of each slice supply scheme in the slice supply feature vector set, and the second slice authentication ciphertext set comprises a plurality of second ciphertext feature elements.
The second encrypted file is the key file obtained when the core network element management module AMF encrypts the first encrypted file $E_{Ui}$ a second time, and may be denoted $E_{Ui}'$. The second slice authentication ciphertext set may be denoted $E_{AMF}$:
Figure BDA0003521299730000111
Step S15: calculating, according to the first random encryption parameter and the second ciphertext feature elements, a first slice authentication ciphertext set used for encrypting each second ciphertext feature element in the second slice authentication ciphertext set, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext feature elements.
In one embodiment, in step S15, a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements, and is calculated according to the following formula (3).
Figure BDA0003521299730000121
where $E_{AMF}'$ is the first slice authentication ciphertext set, $E_{AMFl}'$ is the l-th first ciphertext feature element, $PK_{Ui}$ is the first random encryption parameter, $F_{AMFl}$ is the l-th slice supply scheme in the slice supply feature vector set, $p$ is the random prime number, and $PK_{AMF}$ is the second random encryption parameter. In this embodiment, each second ciphertext feature element sent by the core network element management module AMF, that is, each encrypted slice supply scheme, is encrypted a second time.
Step S16: matching the first ciphertext feature elements against the second encryption key to determine the identical matching result, wherein the identical matching result is the encrypted ciphertext of the slice supply scheme that satisfies the slice request feature vector set.
For example: after receiving the second encryption key $E_{Ui}'$ and the second slice authentication ciphertext set $E_{AMF}$, the user terminal Ui encrypts each second ciphertext feature element in $E_{AMF}$ a second time to obtain
Figure BDA0003521299730000122
Figure BDA0003521299730000123
The user terminal Ui then compares the second encryption key $E_{Ui}'$ with each first ciphertext feature element $E_{AMFl}'$ in the first slice authentication ciphertext set $E_{AMF}'$, and finds the element $E_{AMFl}'$ that satisfies $E_{Ui}' = E_{AMFl}'$.
Step S17: decrypting the identical matching result based on the first random decryption parameter to obtain the second ciphertext feature element corresponding to the identical matching result, and forwarding the decrypted second ciphertext feature element to the core network element management module through the base station, so that the core network element management module decrypts the slice supply scheme that satisfies the slice request feature vector set based on the second random key parameter.
In one embodiment, based on the first random decryption parameter, the identical matching result is decrypted to obtain the second ciphertext feature element corresponding thereto, which is calculated by the following formula (4).
Figure BDA0003521299730000131
where $E_{AMFl}$ is the l-th second ciphertext feature element, i.e. the second ciphertext feature element obtained by decrypting the identical matching result, $E_{AMFl}'$ is the l-th first ciphertext feature element, $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui} \in Z_{p-2}$, $p$ is the random prime number, $F_{AMFl}$ is the l-th slice supply scheme in the slice supply feature vector set, i.e. the slice supply scheme that satisfies the slice request feature vector set, and $PK_{AMF}$ is the second random encryption parameter, which corresponds to the second random decryption parameter.
In this embodiment, the protocol authentication between the user terminal Ui and the core network element management module AMF is equivalent to a method based on a commutative encryption algorithm (Pohlig-Hellman), that is, $E_B(E_A(X)) = E_A(E_B(X))$, which lets the user terminal Ui securely encrypt the selected slice feature data and prevents the data from being exposed to third-party attackers. In addition, the protocol authentication between the user terminal Ui and the core network element management module AMF has a simple deployment structure and does not require a PKI system, which helps reduce data computation and data transmission overhead, reduces transmission delay, and can significantly improve the communication efficiency of the Internet of Things network.
Example 2
The embodiment of the invention also discloses a communication security authentication method for the power 5G network slice, which is used for a core network element management module, where the core network element management module may be denoted AMF. As shown in figure 2, the method comprises the following steps:
Step S21: receiving a slice authentication request message forwarded by the user terminal through the base station, wherein the slice authentication request message is loaded with a first encrypted file encrypted by the random prime number and the first encryption key.
The first encryption key in the first encrypted file is shown in formula (2) above, i.e.
Figure BDA0003521299730000132
Figure BDA0003521299730000133
The random prime number in the first encrypted file is p.
The core network element management module AMF receives the first encrypted file sent by the user terminal Ui so that it can encrypt the first encrypted file a second time.
Step S22: calculating a second encryption key for re-encrypting the first encrypted file according to the random prime number, the randomly generated second random decryption parameter and the second random encryption parameter.
The second random decryption parameter may be denoted $SK_{AMF}$, with $SK_{AMF} \in Z_{p-2}$; the second random encryption parameter may be denoted $PK_{AMF}$; and the second encryption key may be denoted $E_{Ui}'$. In this embodiment, the core network element management module AMF first initializes and generates its own second random decryption parameter $SK_{AMF}$; the second random encryption parameter $PK_{AMF}$ corresponds to $SK_{AMF}$, and the two exist as a pair. The core network element management module re-encrypts the first encrypted file to make the encrypted content of the first encrypted file more secure.
In one embodiment, in step S22, the second encryption key for re-encrypting the first encrypted file is calculated according to the random prime number and the randomly generated second random decryption parameter and second random encryption parameter, and is calculated by the following formulas (5) to (6):
$PK_{AMF} = SK_{AMF}^{-1} \bmod (p-1)$; (5)
Figure BDA0003521299730000141
where $PK_{AMF}$ is the second random encryption parameter, $SK_{AMF}$ is the second random decryption parameter, $SK_{AMF} \in Z_{p-2}$, $p$ is the random prime number, $E_{Ui}'$ is the second encryption key, $E_{Ui}$ is the first encryption key, $F_{Ui}$ is the slice request feature vector set, and $PK_{Ui}$ is the first random encryption parameter.
Step S23: a slice supply feature vector set is determined for supplying a slice request feature vector set, the slice supply feature vector set comprising a plurality of slice supply schemes.
For example: the slice supply feature vector set is $F_{AMF} = \{F_{AMFl} \mid 1 \le l \le n\}$; the multiple slice supply schemes in this set are the candidates for supplying the user terminal Ui.
Step S24: calculating a second slice authentication ciphertext set for encrypting each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number and each slice supply scheme in the slice supply feature vector set, wherein the second slice authentication ciphertext set comprises a plurality of second ciphertext feature elements.
The second slice authentication ciphertext set may be denoted $E_{AMF}$.
In one embodiment, in step S24, a second slice authentication ciphertext set for encrypting each slice provision scheme in the slice provision feature vector set is calculated according to the second random encryption parameter, the random prime number, and each slice provision scheme in the slice provision feature vector set, and is calculated by equation (7) below.
Figure BDA0003521299730000151
where $E_{AMF}$ is the second slice authentication ciphertext set, $E_{AMFl}$ is the l-th second ciphertext feature element, $F_{AMFl}$ is the l-th slice supply scheme, $PK_{AMF}$ is the second random encryption parameter, and $p$ is the random prime number.
Step S25: generating a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the user terminal decrypts the identical matching result of the first ciphertext feature element and the second encryption key based on the first random decryption parameter, and obtains the second ciphertext feature element corresponding to the identical matching result.
The slice authentication response message is loaded with $E_{Ui}'$ from formula (6) above and $E_{AMF}$ from formula (7) above. $E_{Ui}'$ and $E_{AMF}$ are sent to the user terminal Ui so that the user terminal Ui can decrypt the identical matching result between the first ciphertext feature element $E_{AMFl}'$ and $E_{Ui}'$ and obtain the corresponding second ciphertext feature element $E_{AMFl}$.
Step S26: receiving the decrypted second ciphertext feature element forwarded by the user terminal through the base station, and decrypting the slice supply scheme that satisfies the slice request feature vector set based on the second random key parameter.
For example: the user terminal Ui uses its randomly generated first random decryption parameter $SK_{Ui}$ to decrypt the slice $E_{AMFl}'$ it found that satisfies the requirement:
Figure BDA0003521299730000152
Figure BDA0003521299730000161
and returns $E_{AMFl}$ to the core network element management module AMF, which then decrypts $E_{AMFl}$ to obtain the slice supply scheme that satisfies the requirement.
In one embodiment, the step S26, decrypting the slice supply scheme satisfying the slice request feature vector set based on the second random key parameter, is calculated by the following formula (8):
Figure BDA0003521299730000162
where $F_{AMFl}$ is the l-th slice supply scheme, $E_{AMFl}$ is the l-th second ciphertext feature element, $SK_{AMF}$ is the second random key parameter, $SK_{AMF} \in Z_{p-2}$, and $p$ is the random prime number.
By executing the communication security authentication method of the power 5G network slice in Examples 1 and 2, Internet of Things protocol security authentication between the user terminal Ui and the core network element management module AMF can be realized, preventing the slice feature data from being exposed to third-party attackers, and the requirement $F_{AMFl} = F_{Ui}$ is finally satisfied. Fig. 3 shows a schematic diagram of the communication authentication interaction among the base station gNB, the user equipment UE, and the core network element management module AMF.
Therefore, in the communication security authentication method for the slice of the electric 5G network in the embodiment of the present invention, the core network element management module AMF calculates the second encryption key to encrypt the first encryption file and to authenticate the second slice of the encrypted text set, so as to perform authentication interaction with the user terminal Ui, which is beneficial for the user terminal Ui to match the first ciphertext feature element that is the same as the first encryption key, and decrypt the first ciphertext feature element to obtain the corresponding second ciphertext feature element. Finally, based on the decrypted second ciphertext feature element, the core network element management module AMF decrypts the slice provisioning scheme that satisfies the slice request feature vector set again. The deployment scheme in the embodiment of the invention is simple, a PKI system is not needed, the data calculation and data transmission overhead is reduced, the transmission time delay is reduced, and the calculation and communication efficiency is improved.
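The exchange of Examples 1 and 2 run end to end, as an added example that is not part of the patent text. The formula images are not reproduced on this page, so the standard Pohlig-Hellman form E = F^PK mod p is assumed; the fixed prime, the string encoding of feature vectors, the sample schemes, the membership check in `finish`, and all class and function names are likewise assumptions.

```python
import secrets
from math import gcd

# Fixed Mersenne prime 2^127 - 1 standing in for the terminal's random prime p
# (assumption: prime generation is left out so the example runs offline).
P = 2**127 - 1


def keygen(p):
    """Return (SK, PK) with PK = SK^-1 mod (p-1), as in formula (5)."""
    while True:
        sk = secrets.randbelow(p - 3) + 2          # 2 <= SK <= p-2
        if gcd(sk, p - 1) == 1:                    # the inverse exists only then
            return sk, pow(sk, -1, p - 1)


def encode(feature, p):
    """Map a feature string to an integer in [1, p-1] (constructed encoding)."""
    m = int.from_bytes(feature.encode("utf-8"), "big")
    if not 0 < m < p:
        raise ValueError("feature does not fit below p")
    return m


def decode(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


class Terminal:
    """User terminal Ui (steps S12 to S17)."""

    def __init__(self, wanted, p=P):
        self.p = p
        self.sk, self.pk = keygen(p)
        self.f_ui = encode(wanted, p)

    def request(self):
        # Slice authentication request: p and E_Ui = F_Ui^PK_Ui mod p (assumed form)
        return self.p, pow(self.f_ui, self.pk, self.p)

    def match(self, e_ui2, e_amf):
        # S15: add Ui's layer to every E_AMFl; S16: compare with E_Ui'
        for e_amfl in e_amf:
            e_amfl2 = pow(e_amfl, self.pk, self.p)
            if e_amfl2 == e_ui2:
                # S17: strip Ui's layer with SK_Ui, leaving F_AMFl^PK_AMF
                return pow(e_amfl2, self.sk, self.p)
        return None                                # no scheme meets the request


class Amf:
    """Core network element management module AMF (steps S21 to S26)."""

    def __init__(self, supply):
        self.supply = supply

    def respond(self, p, e_ui):
        self.p = p
        self.sk, self.pk = keygen(p)
        e_ui2 = pow(e_ui, self.pk, p)                                      # E_Ui'
        self.e_amf = [pow(encode(f, p), self.pk, p) for f in self.supply]  # E_AMF
        return e_ui2, self.e_amf

    def finish(self, e_amfl):
        # Added check, not in the patent text: only decrypt values this AMF issued.
        if e_amfl not in self.e_amf:
            raise ValueError("returned element is not in E_AMF")
        # S26: F_AMFl = E_AMFl^SK_AMF mod p
        return decode(pow(e_amfl, self.sk, self.p))


def run_exchange(wanted, supply):
    """Run the whole exchange; return the agreed scheme, or None if none matches."""
    ui, amf = Terminal(wanted), Amf(supply)
    p, e_ui = ui.request()
    e_ui2, e_amf = amf.respond(p, e_ui)
    e_amfl = ui.match(e_ui2, e_amf)
    return None if e_amfl is None else amf.finish(e_amfl)


SUPPLY = ["eMBB/100Mbps", "uRLLC/1ms", "mMTC/low-rate"]   # constructed sample schemes

if __name__ == "__main__":
    print(run_exchange("uRLLC/1ms", SUPPLY))
    print(run_exchange("uRLLC/5ms", SUPPLY))
```

Matching works only because the encryption is deterministic: equal feature vectors always give equal double-encrypted values, so the encoding of feature vectors must be canonical on both sides.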
Example 3
The embodiment of the invention also discloses a communication security authentication device for authenticating the electric power 5G network slice, which is used for a user terminal and comprises the following modules as shown in figure 4:
a slice request feature vector determining module 41, configured to determine a slice request feature vector set according to the service requirement and the network characteristic;
a first encryption key calculation module 42, configured to randomly generate a random prime number, a first random decryption parameter, and a first random encryption parameter, so as to calculate a first encryption key to encrypt the slice request feature vector set;
a slice authentication request message generation module 43, configured to generate a slice authentication request message based on a first encrypted file encrypted by the random prime number and the first encryption key, and forward the slice authentication request message to the core network element management module through the base station;
a slice authentication response message receiving module 44, configured to receive a slice authentication response message forwarded by the core network element management module through the base station, where the slice authentication response message is loaded with a second encrypted file encrypted by a second encryption key obtained through calculation based on a random prime number, a second random decryption parameter, and a second random encryption parameter, and a second slice authentication ciphertext set of each slice supply scheme in the slice supply feature vector set, where the second slice authentication ciphertext set includes a plurality of second ciphertext feature elements;
a first slice authentication ciphertext set calculation module 45, configured to calculate, according to the first random encryption parameter and the second ciphertext feature element, a first slice authentication ciphertext set that is used to encrypt each second ciphertext feature element in the second slice authentication ciphertext set, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements;
a ciphertext matching module 46, configured to determine, by matching the first ciphertext feature element with the second encryption key, the identical matching result between them, where the identical matching result is the encrypted ciphertext of the slice supply scheme that satisfies the slice request feature vector set;
a ciphertext decryption module 47, configured to decrypt the identical matching result based on the first random decryption parameter to obtain the second ciphertext feature element corresponding to the identical matching result, and forward the decrypted second ciphertext feature element to the core network element management module through the base station, so that the core network element management module decrypts the slice supply scheme that satisfies the slice request feature vector set based on the second random key parameter.
In one embodiment, the first encryption key calculation module 42 randomly generates a random prime number, a first random decryption parameter and a first random encryption parameter to calculate a first encryption key to encrypt the slice request feature vector set, which is calculated by the above equations (1) - (2).
In one embodiment, the first slice authentication ciphertext set calculating module 45 calculates a first slice authentication ciphertext set used for encrypting each second ciphertext feature element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements, and is calculated according to the above equation (3).
In one embodiment, the ciphertext decryption module 47 decrypts the identical matching result based on the first random decryption parameter to obtain the second ciphertext feature element corresponding thereto, which is calculated by the above equation (4).
The embodiment of the invention also discloses a communication security authentication device for the power 5G network slice, which is used for a core network element management module, and as shown in fig. 5, the communication security authentication device comprises the following modules:
a slice authentication request message receiving module 51, configured to receive a slice authentication request message forwarded by a user terminal through a base station, where the slice authentication request message is loaded with a first encrypted file encrypted by a random prime number and a first encryption key;
a second encryption key encryption module 52, configured to calculate a second encryption key for re-encrypting the first encrypted file according to the random prime number, the randomly generated second random decryption parameter, and the second random encryption parameter;
a slice supply feature vector determination module 53, configured to determine a slice supply feature vector set for supplying the slice request feature vector set, the slice supply feature vector set including a plurality of slice supply schemes;
a second slice authentication ciphertext set calculation module 54, configured to calculate a second slice authentication ciphertext set used to encrypt each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number, and each slice supply scheme in the slice supply feature vector set, where the second slice authentication ciphertext set includes a plurality of second ciphertext feature elements;
a slice authentication response message generating module 55, configured to generate a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forward the slice authentication response message to the user terminal through the base station, so that the user terminal decrypts, based on the first random decryption parameter, the identical matching result between the first ciphertext feature element and the second encryption key, to obtain the second ciphertext feature element corresponding to the identical matching result;
a second ciphertext feature element receiving module 56, configured to receive the second ciphertext feature element that the user terminal forwards through the base station, and decrypt, based on the second random key parameter, the slice supply scheme that satisfies the slice request feature vector set.
In one embodiment, the second encryption key encryption module 52 calculates a second encryption key for re-encrypting the first encrypted file according to the random prime number, the randomly generated second random decryption parameter, and the second random encryption parameter, and calculates the second encryption key according to the above equations (5) - (6).
In one embodiment, the second slice authentication ciphertext set calculation module 54 calculates the second slice authentication ciphertext set for encrypting each slice provision scheme in the slice provision feature vector set based on the second random encryption parameter, the random prime number, and each slice provision scheme in the slice provision feature vector set, and calculates by equation (7) above.
In one embodiment, the second ciphertext feature element receiving module 56 decrypts the slice supply scheme that satisfies the feature vector set of the slice request based on the second random key parameter, which is calculated by equation (8) above.
Example 4
An embodiment of the present invention further provides a computer device, as shown in fig. 6, the computer device may include a processor 61 and a memory 62, where the processor 61 and the memory 62 may be connected by a bus or in another manner, and fig. 6 illustrates an example of a connection by a bus.
The processor 61 may be a Central Processing Unit (CPU). The Processor 61 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 62, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules. The processor 61 executes various functional applications and data processing of the processor by running the non-transitory software programs, instructions and modules stored in the memory 62, that is, implements the communication security authentication method of the power 5G network slice in the above embodiment. The memory 62 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 61, and the like. Further, the memory 62 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 62 may optionally include memory located remotely from the processor 61, and these remote memories may be connected to the processor 61 via a network. Examples of such networks include, but are not limited to, the power grid, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 62, and when executed by the processor 61, perform the communication security authentication method of the power 5G network slice in the embodiment shown in the drawings.
The details of the computer device can be understood by referring to the corresponding related descriptions and effects in the embodiments shown in the drawings, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and do not limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to enumerate all embodiments here, and obvious variations or modifications derived from them remain within the scope of the invention.

Claims (10)

1. A communication security authentication method of a power 5G network slice is used for a user terminal, and is characterized by comprising the following steps:
determining a slicing request feature vector set according to the service requirement and the network characteristics;
randomly generating a random prime number, a first random decryption parameter and a first random encryption parameter so as to calculate a first encryption key to encrypt the slicing request feature vector set;
generating a slice authentication request message based on a first encrypted file obtained by encrypting the random prime number and the first encryption key, and forwarding the slice authentication request message to a core network element management module through a base station;
receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message is loaded with a second encrypted file encrypted by a second encryption key calculated based on the random prime number, a second random decryption parameter and a second random encryption parameter, and a second slice authentication ciphertext set of each slice supply scheme in a slice supply feature vector set, and the second slice authentication ciphertext set comprises a plurality of second ciphertext feature elements;
calculating a first slice authentication ciphertext set used for encrypting each second ciphertext feature element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext feature elements, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext feature elements;
determining the same matching result between the first ciphertext feature element and the second encryption key by matching, wherein the same matching result is the encrypted ciphertext meeting the slice supply scheme of the slice request feature vector set;
and based on the first random decryption parameter, decrypting the same matching result to obtain the second ciphertext characteristic element corresponding to the same matching result, and forwarding the decrypted second ciphertext characteristic element to the core network element management module through the base station, so that the core network element management module decrypts a slice supply scheme meeting the slice request characteristic vector set based on a second random key parameter.
2. The power 5G network slice communication security authentication method according to claim 1, wherein a random prime number, a first random decryption parameter and a first random encryption parameter are randomly generated to calculate a first encryption key to encrypt the slice request feature vector set, calculated by the following formula:
$PK_{Ui} = SK_{Ui}^{-1} \bmod (p-1)$;
Figure FDA0003521299720000021
wherein $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui}$ is a natural number in $Z_{p-2}$, $PK_{Ui}$ is the first random encryption parameter, $p$ is the random prime number, $E_{Ui}$ is said first encryption key, and $F_{Ui}$ is the slice request feature vector set.
3. The communication security authentication method for the power 5G network slice according to claim 1, wherein a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, the first slice authentication ciphertext set comprises a plurality of first ciphertext feature elements, and the calculation is performed according to the following formula:
Figure FDA0003521299720000022
wherein $E_{AMF}'$ is the first slice authentication ciphertext set, $E_{AMFl}'$ is the l-th first ciphertext feature element, $PK_{Ui}$ is the first random encryption parameter, $F_{AMFl}$ is the l-th slice supply scheme in the slice supply feature vector set, $p$ is the random prime number, and $PK_{AMF}$ is the second random encryption parameter.
4. The communication security authentication method for the power 5G network slice according to claim 1, wherein the same matching result is decrypted based on the first random decryption parameter to obtain the second ciphertext feature element corresponding to the same matching result, and the calculation is performed according to the following formula:
Figure FDA0003521299720000031
wherein $E_{AMFl}$ is the l-th second ciphertext feature element, $E_{AMFl}'$ is the l-th first ciphertext feature element, $SK_{Ui}$ is the first random decryption parameter, $SK_{Ui} \in Z_{p-2}$, $p$ is the random prime number, $F_{AMFl}$ is the l-th slice supply scheme in the slice supply feature vector set, and $PK_{AMF}$ is the second random encryption parameter, which corresponds to the second random decryption parameter.
5. A communication security authentication method of a power 5G network slice is used for a core network element management module, and is characterized by comprising the following steps:
receiving a slice authentication request message forwarded by a user terminal through a base station, wherein the slice authentication request message is loaded with a first encrypted file formed by encrypting a random prime number and a first encryption key;
calculating a second encryption key for re-encrypting the first encrypted file according to the random prime number, a second random decryption parameter and a second random encryption parameter which are generated randomly;
determining a slice supply feature vector set for supplying the slice request feature vector set, the slice supply feature vector set including a plurality of slice supply schemes;
calculating a second cipher text set for encrypting each slice provision scheme in the slice provision feature vector set according to the second random encryption parameter, the random prime number, and each slice provision scheme in the slice provision feature vector set, wherein the second cipher text set comprises a plurality of second cipher text feature elements;
generating a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the user terminal decrypts the same matching result of the first ciphertext characteristic element and the second encryption key based on a first random decryption parameter to obtain the second ciphertext characteristic element corresponding to the same matching result;
and receiving the second ciphertext characteristic element decrypted by the user terminal through the base station, and decrypting a slice supply scheme meeting the slice request characteristic vector set based on the second random key parameter.
6. The communication security authentication method for the power 5G network slice according to claim 5, wherein a second encryption key for re-encrypting the first encrypted file is calculated according to the random prime number, a randomly generated second random decryption parameter and a second random encryption parameter, and is calculated by the following formula:
$PK_{AMF} = SK_{AMF}^{-1} \bmod (p-1)$;
Figure FDA0003521299720000041
wherein $PK_{AMF}$ is the second random encryption parameter, $SK_{AMF}$ is said second random decryption parameter, $SK_{AMF} \in Z_{p-2}$, $p$ is the random prime number, $E_{Ui}'$ is said second encryption key, $E_{Ui}$ is said first encryption key, $F_{Ui}$ is the slice request feature vector set, and $PK_{Ui}$ is the first random encryption parameter.
7. The power 5G network slice communication security authentication method according to claim 5, wherein a second slice authentication secret set used for encrypting each slice provision scheme in the slice provision feature vector set is calculated from the second random encryption parameter, the random prime number, and each slice provision scheme in the slice provision feature vector set by the following formula:
Figure FDA0003521299720000042
wherein $E_{AMF}$ is the second slice authentication ciphertext set, $E_{AMFl}$ is the l-th second ciphertext feature element, $F_{AMFl}$ is the l-th slice supply scheme, $PK_{AMF}$ is the second random encryption parameter, and $p$ is the random prime number.
8. The communication security authentication method for a power 5G network slice according to claim 5, wherein decrypting a slice provisioning scheme that satisfies the slice request feature vector set based on the second random key parameter is calculated by the following formula:
Figure FDA0003521299720000051
wherein $F_{AMF_l}$ is the $l$-th slice provision scheme, $E_{AMF_l}$ is the $l$-th second ciphertext feature element, $SK_{AMF}$ is the second random key parameter, $SK_{AMF} \in Z_{p-2}$, and $p$ is the random prime number.
9. A computer-readable storage medium storing computer instructions for causing a computer to execute the communication security authentication method of the power 5G network slice according to any one of claims 1 to 8.
10. A computer device, comprising: a memory and a processor, the memory and the processor are connected with each other in communication, the memory stores computer instructions, and the processor executes the computer instructions to execute the communication security authentication method of the power 5G network slice according to any one of claims 1 to 8.
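The exchange recited in claims 5 to 8, as an added example that is not part of the patent text. Only the relation PK = SK^-1 mod (p-1) is taken from claim 6; the ciphertext formulas survive on this page only as figure references, so the cipher form used here (one modular exponentiation per layer), the byte encoding of features, the demo prime and all function names are assumptions.

```python
import math
import secrets

P = 2**127 - 1  # constructed demo prime; stands in for the claims' random prime p

def keygen(p=P):
    """Return (PK, SK) with PK = SK^-1 mod (p-1), the relation stated in claim 6."""
    while True:
        sk = secrets.randbelow(p - 3) + 2      # candidate in [2, p-2]
        if math.gcd(sk, p - 1) == 1:           # an inverse exists only for these
            return pow(sk, -1, p - 1), sk

def encode(feature, p=P):
    """Assumed encoding: feature bytes as an integer in [1, p-1]."""
    m = int.from_bytes(feature.encode(), "big")
    if not 0 < m < p:
        raise ValueError("feature does not fit below p")
    return m

def decode(m):
    """Inverse of encode: integer back to the feature string."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def layer(x, key, p=P):
    """Assumed cipher form: one modular exponentiation adds or removes a layer."""
    return pow(x, key, p)

def match(request, supply, p=P):
    """Walk the exchange of claims 5 to 8; return the schemes the AMF decrypts."""
    pk_u, sk_u = keygen(p)                     # user terminal's parameters
    pk_amf, sk_amf = keygen(p)                 # AMF's parameters
    e_u = [layer(encode(f, p), pk_u, p) for f in request]     # user -> AMF
    e_u2 = [layer(c, pk_amf, p) for c in e_u]                 # AMF re-encrypts
    e_amf = [layer(encode(f, p), pk_amf, p) for f in supply]  # AMF's own set
    stripped = {layer(c, sk_u, p) for c in e_u2}   # user removes only its layer
    hits = [c for c in e_amf if c in stripped]     # equal values mean equal features
    return [decode(layer(c, sk_amf, p)) for c in hits]        # AMF decrypts

if __name__ == "__main__":
    # Constructed sample feature strings, not values from the patent.
    print(match(["uRLLC-5ms", "eMBB-1Gbps"], ["mMTC-1M-dev", "uRLLC-5ms"]))
```

Drawing SK from the stated range alone does not guarantee that the inverse in claim 6 exists, which is why keygen rejects candidates that share a factor with p-1. Under the assumed cipher form each layer is deterministic, so equal features always produce equal ciphertexts; that property is what the matching step relies on.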
CN202210178412.9A 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice Active CN114760090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210178412.9A CN114760090B (en) 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice

Publications (2)

Publication Number Publication Date
CN114760090A (en) 2022-07-15
CN114760090B (en) 2023-07-28

Family

ID=82326266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210178412.9A Active CN114760090B (en) 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice

Country Status (1)

Country Link
CN (1) CN114760090B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546181A (en) * 2012-01-09 2012-07-04 西安电子科技大学 Cloud storage encrypting and deciphering method based on secret key pool
US20170019261A1 (en) * 2015-07-13 2017-01-19 Fujitsu Limited Relational encryption for password verification
WO2020060871A1 (en) * 2018-09-19 2020-03-26 Intel Corporation Protection of initial non-access stratum protocol message in 5g systems
WO2020208427A1 (en) * 2019-04-11 2020-10-15 Lg Electronics, Inc. Systems and methods for accelerated certificate provisioning
CN112752265A (en) * 2019-10-31 2021-05-04 华为技术有限公司 Access control method and device for network slice and storage medium
CN113840185A (en) * 2020-06-23 2021-12-24 中兴通讯股份有限公司 Multicast message processing method, OLT device, ONU device and storage medium

Also Published As

Publication number Publication date
CN114760090B (en) 2023-07-28

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
EP3493462B1 (en) Authentication method, authentication apparatus and authentication system
CN111052672B (en) Secure key transfer protocol without certificate or pre-shared symmetric key
US10951423B2 (en) System and method for distribution of identity based key material and certificate
EP4040717B1 (en) Method and device for secure communications over a network using a hardware security engine
US9379891B2 (en) Method and system for ID-based encryption and decryption
US9071426B2 (en) Generating a symmetric key to secure a communication link
CN106130716B (en) Key exchange system and method based on authentication information
CN104094267B (en) Method, apparatus and system for secure sharing of media content from a source device
EP2398208A2 (en) Method for securing transmission data and security system for implementing the same
CN107294937A (en) Data transmission method, client and server based on network service
CN108809633B (en) Identity authentication method, device and system
CN103427998A (en) Internet data distribution oriented identity authentication and data encryption method
CN112291179B (en) Method, system and device for realizing equipment authentication
CN112602290B (en) Identity authentication method and device and readable storage medium
CN114765543B (en) Encryption communication method and system of quantum cryptography network expansion equipment
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
CN114760090B (en) Communication security authentication method and device for electric power 5G network slice
CN114745151B (en) Electric power 5G network slice authentication message matching method and device based on edge calculation
CN108683627B (en) Internet of things node-to-node communication encryption method and system
CN117858081A (en) Communication network encryption method, system, electronic device and storage medium
CN116761172A (en) Secure network construction method based on SD-WAN
CN115941177A (en) Virtual server distributed key authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant